CVE-2026-32704

SiYuan renderSprig: missing admin check allows any user to read full workspace DB

CVSS 6.5 MEDIUM | EPSS 0.2% | CWE-285 | CWE-732
Vexday Risk Score: 13 (Low)
SSVC decision (CISA): Track (no exploitation signal → monitor)
KEV: no
Lifecycle: 13 Mar 2026, published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SiYuan is a personal knowledge management system. Prior to 3.6.1, POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database and exfiltrate all note content, metadata, and custom attributes. This vulnerability is fixed in 3.6.1.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
siyuan-note · siyuan
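The root cause is a missing authorization check (CWE-285): the handler verifies that the caller has a session but never that the session belongs to an admin. The block below is an added illustration written for this page, not SiYuan's own code. It models the pre-3.6.1 handler shape with a stand-alone net/http handler, then wraps it in a `requireAdmin` gate that plays the part the advisory assigns to `model.CheckAdminRole`. The role arrives in a constructed `X-Example-Role` header instead of a real session store, the template "rendering" is a stub that echoes its input, and `affectedVersion` is a hypothetical helper for checking a deployed version string against the 3.6.1 fix; all of those are assumptions for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
)

// Role is a hypothetical session role; SiYuan's real role model is not reproduced here.
type Role int

const (
	RoleReader Role = iota
	RoleEditor
	RoleAdmin
)

// roleFromRequest stands in for session lookup. The role is read from a constructed
// header so the example runs without a session store (assumption, not SiYuan's code).
func roleFromRequest(r *http.Request) (Role, bool) {
	switch r.Header.Get("X-Example-Role") {
	case "admin":
		return RoleAdmin, true
	case "editor":
		return RoleEditor, true
	case "reader":
		return RoleReader, true
	}
	return 0, false
}

// renderSprig is a stub for the template evaluation the real endpoint performs;
// in SiYuan that evaluation is what can reach the workspace database.
func renderSprig(tmpl string) string { return "rendered:" + tmpl }

// unguardedHandler has the pre-3.6.1 shape the advisory describes: a valid session
// of any role reaches the render step.
func unguardedHandler(w http.ResponseWriter, r *http.Request) {
	if _, ok := roleFromRequest(r); !ok {
		http.Error(w, "unauthenticated", http.StatusUnauthorized)
		return
	}
	var body struct {
		Template string `json:"template"`
	}
	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	fmt.Fprint(w, renderSprig(body.Template))
}

// requireAdmin is the missing gate, expressed as middleware: unauthenticated callers
// get 401, authenticated non-admins get 403, and only admins reach the handler.
func requireAdmin(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		role, ok := roleFromRequest(r)
		if !ok {
			http.Error(w, "unauthenticated", http.StatusUnauthorized)
			return
		}
		if role != RoleAdmin {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next(w, r)
	}
}

// call sends a constructed POST to a handler and returns the HTTP status code.
func call(h http.HandlerFunc, role, tmpl string) int {
	req := httptest.NewRequest(http.MethodPost, "/api/template/renderSprig",
		strings.NewReader(`{"template":`+strconv.Quote(tmpl)+`}`))
	if role != "" {
		req.Header.Set("X-Example-Role", role)
	}
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

// affectedVersion reports whether a dotted version string predates the 3.6.1 fix.
// Strings that do not parse as numeric major.minor.patch return false and should be
// checked by hand; this helper is an assumption of the example, not a project API.
func affectedVersion(v string) bool {
	fixed := [3]int{3, 6, 1}
	var got [3]int
	for i, p := range strings.SplitN(strings.TrimPrefix(v, "v"), ".", 3) {
		n, err := strconv.Atoi(p)
		if err != nil {
			return false
		}
		got[i] = n
	}
	for i := range fixed {
		if got[i] != fixed[i] {
			return got[i] < fixed[i]
		}
	}
	return false
}

func main() {
	fmt.Println("reader, unguarded:", call(unguardedHandler, "reader", "{{ 1 }}"))
	fmt.Println("reader, guarded:  ", call(requireAdmin(unguardedHandler), "reader", "{{ 1 }}"))
	fmt.Println("admin, guarded:   ", call(requireAdmin(unguardedHandler), "admin", "{{ 1 }}"))
	fmt.Println("3.6.0 affected:   ", affectedVersion("3.6.0"))
}
```

The point of the middleware form is that the authorization decision is made once, before any request body is parsed, rather than inside the handler where a later refactor can drop it; a handler that performs privileged work should be reachable only through such a gate.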
